
CVE-2021-47282: Vulnerability in Linux Linux

Severity: Medium
Published: Tue May 21 2024 (05/21/2024, 14:20:08 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: bcm2835: Fix out-of-bounds access with more than 4 slaves

Commit 571e31fa60b3 ("spi: bcm2835: Cache CS register value for ->prepare_message()") limited the number of slaves to 3 at compile-time. The limitation was necessitated by a statically-sized array prepare_cs[] in the driver private data which contains a per-slave register value. The commit sought to enforce the limitation at run-time by setting the controller's num_chipselect to 3: Slaves with a higher chipselect are rejected by spi_add_device().

However the commit neglected that num_chipselect only limits the number of *native* chipselects. If GPIO chipselects are specified in the device tree for more than 3 slaves, num_chipselect is silently raised by of_spi_get_gpio_numbers() and the result are out-of-bounds accesses to the statically-sized array prepare_cs[].

As a bandaid fix which is backportable to stable, raise the number of allowed slaves to 24 (which "ought to be enough for anybody"), enforce the limitation on slave ->setup and revert num_chipselect to 3 (which is the number of native chipselects supported by the controller). An upcoming for-next commit will allow an arbitrary number of slaves.

AI-Powered Analysis

Last updated: 06/26/2025, 11:23:01 UTC

Technical Analysis

CVE-2021-47282 is an out-of-bounds access in the Linux kernel's SPI (Serial Peripheral Interface) driver for the bcm2835 controller, commonly used in Raspberry Pi devices and other embedded systems. The issue arises from improper handling of chip select (CS) lines when more than four SPI slaves are configured. Commit 571e31fa60b3 limited the number of slaves to three at compile time because the driver's private data holds a statically-sized array, prepare_cs[], that stores one register value per slave, and it tried to enforce that limit at run time by setting the controller's num_chipselect to 3. However, num_chipselect only limits native chip selects, not GPIO-based chip selects specified via the device tree. When GPIO chip selects are specified for more than three slaves, of_spi_get_gpio_numbers() silently raises num_chipselect, and the driver then accesses prepare_cs[] out of bounds. This can cause memory corruption within the kernel, potentially leading to system instability, crashes, or escalation of privileges if exploited.

The fix raises the number of allowed slaves to 24, enforces that limit in the slave ->setup hook, and reverts num_chipselect to three, the number of native chip selects the controller supports. This patch is backported to stable kernel versions, with future updates planned to support arbitrary numbers of slaves safely. No known exploits are currently reported in the wild, and the vulnerability primarily affects Linux kernel versions including the specified commit hash. The vulnerability is specific to embedded Linux systems using the bcm2835 SPI controller with multiple GPIO chip selects configured beyond the native limit.
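The following userspace model is an added example, not code from the kernel or from this page; it shows why the num_chipselect check alone lets an out-of-range index through and how a check at ->setup closes the gap. The struct, the function names, the max() behaviour and the post-fix array size of 24 are assumptions made for the model.

```c
/* Userspace model of the bounds problem; not kernel code. */
#include <errno.h>
#include <stdio.h>

#define NATIVE_CS     3   /* native chipselects; prepare_cs[] slots before the fix */
#define FIXED_NUM_CS 24   /* slaves allowed after the fix (assumed array size) */

struct ctlr_model {            /* hypothetical stand-in for the controller state */
    unsigned num_chipselect;   /* limit the core checks when a slave is added */
    unsigned prepare_cs_len;   /* slots in the per-slave prepare_cs[] array */
    int setup_checks;          /* 1 = fix applied: ->setup validates the index */
};

/* Models of_spi_get_gpio_numbers(): GPIO chipselects listed in the device
 * tree silently raise num_chipselect (modelled here as a max()). */
static void apply_cs_gpios(struct ctlr_model *c, unsigned n_cs_gpios)
{
    if (n_cs_gpios > c->num_chipselect)
        c->num_chipselect = n_cs_gpios;
}

/* 0: accepted and in bounds. -EINVAL: rejected. -EFAULT: accepted although
 * the index lies outside prepare_cs[] (the kernel would access past it). */
static int add_slave(const struct ctlr_model *c, unsigned chip_select)
{
    if (chip_select >= c->num_chipselect)   /* spi_add_device() rejection */
        return -EINVAL;
    if (chip_select < c->prepare_cs_len)
        return 0;
    return c->setup_checks ? -EINVAL : -EFAULT;
}

/* Build a controller (pre-fix or fixed), apply the device tree, add a slave. */
static int try_slave(int fixed, unsigned n_cs_gpios, unsigned chip_select)
{
    struct ctlr_model c = { NATIVE_CS, fixed ? FIXED_NUM_CS : NATIVE_CS, fixed };
    apply_cs_gpios(&c, n_cs_gpios);
    return add_slave(&c, chip_select);
}

int main(void)
{
    printf("pre-fix, no cs-gpios,  cs=3: %d\n", try_slave(0, 0, 3));
    printf("pre-fix, 5 cs-gpios,   cs=4: %d\n", try_slave(0, 5, 4));
    printf("fixed,   5 cs-gpios,   cs=4: %d\n", try_slave(1, 5, 4));
    printf("fixed,   30 cs-gpios, cs=24: %d\n", try_slave(1, 30, 24));
    return 0;
}
```

In the model, -EFAULT marks the case the advisory describes: the slave passes the num_chipselect check but its index falls outside the array.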

Potential Impact

For European organizations, the impact of CVE-2021-47282 depends largely on their use of embedded Linux devices, particularly those based on the bcm2835 SPI controller such as Raspberry Pi devices or similar hardware in industrial control systems, IoT deployments, or edge computing environments. Exploitation could lead to kernel memory corruption, causing device crashes or potential privilege escalation, which in turn could disrupt critical services or allow attackers to gain unauthorized control over affected devices. This is particularly concerning for sectors relying on embedded Linux for automation, manufacturing, or critical infrastructure monitoring. While no exploits are currently known, the vulnerability's nature means that if exploited, it could undermine system integrity and availability. Confidentiality impact is lower unless combined with other vulnerabilities. The risk is higher in environments where multiple SPI slaves are configured via GPIO chip selects beyond the native limit, a configuration more common in complex embedded systems. Organizations using standard desktop or server Linux distributions without bcm2835 hardware are unlikely to be affected.

Mitigation Recommendations

European organizations should first identify any embedded Linux devices using the bcm2835 SPI controller, especially those with multiple SPI slaves configured via GPIO chip selects. They should apply the latest Linux kernel patches that address CVE-2021-47282, ensuring the kernel version includes the fix that raises the allowed slaves to 24 and enforces proper limits. For devices where kernel updates are not immediately feasible, organizations should audit device tree configurations to ensure no more than three GPIO chip selects are specified, thereby avoiding out-of-bounds access. Additionally, implement strict device management policies to control firmware and kernel updates on embedded devices. Monitoring kernel logs for unusual SPI-related errors or crashes can help detect exploitation attempts. For critical infrastructure, consider network segmentation and limiting access to embedded devices to reduce attack surface. Finally, maintain an inventory of embedded devices and their kernel versions to prioritize patching and risk assessment.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T13:27:52.128Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea2e5

Added to database: 5/21/2025, 9:09:09 AM

Last enriched: 6/26/2025, 11:23:01 AM

Last updated: 8/12/2025, 1:35:24 AM

